Dates
Conferences
Tags
Sort by:
Most recent
Conference: KubeCon + CloudNativeCon Europe 2023
Authors: Matei David
2023-04-20
tldr - powered by Generative AI
Linkerd is a service mesh for cloud-native microservices that provides failure resiliency, observability, and security.
- The Gateway API standardizes some of the Ingress stuff and is mostly for North-South traffic.
- Linkerd is working on adapting the HTTP route resources to make sense for East-West traffic.
- If all pods start returning 500 errors all at once, they will all be taken out of circulation and apply the back-off penalty.
- Linkerd does not yet support IPv6, but it is in the books.
- EBPF is a cool technology, but it cannot do any State Management inside of it, making it difficult to handle circuit breaking, retries, and timeouts.
- Linkerd supports EBPF, but when it comes to doing service mesh things, there is no substitute for the sidecar proxy.
Conference: KubeCon + CloudNativeCon Europe 2023
Authors: Faseela K, Lin Sun
2023-04-19
tldr - powered by Generative AI
The presentation discusses the use of Istio service mesh for multi-tenancy and how it can be configured for single or multiple control planes.
- Istio service mesh is important for resource-saving and identity isolation in multi-tenancy models
- Recent enhancements make it easy to configure using the revisions feature and discovery selectors
- Multiple control planes allow for separate versions and lifecycle management for different applications
- Mixed multi-tenancy models are possible depending on the organization's requirements
- Argo CD can be used for deploying and syncing resources in the cluster
Conference: KubeCon + CloudNativeCon North America 2022
Authors: Alex Leong
2022-10-27
tldr - powered by Generative AI
Overview and State of Linkerd - A service mesh for transparent mtls between all services on by default
- Linkerd is a service mesh that intercepts all network traffic for a pod and adds functionality like observability, reliability features, and transparent mtls between all services on by default
- Philosophy behind Linkerd is to make it easy to use and install without requiring extensive configuration
- Linkerd integrates with startmanager for automatic certificate rotation
- Linkerd uses HTTP back pressure mechanism for back pressure
- Linkerd is focused on workload identity rather than user identity
- Linkerd provides East West traffic for service to service within the cluster
Conference: KubeCon + CloudNativeCon Europe 2022
Authors: Stefan Prodan, Mitch Connors
2022-05-20
tldr - powered by Generative AI
The presentation discusses the challenges of upgrading Istio and proposes a GitOps approach to automate service mesh upgrades.
- Upgrading Istio is difficult and time-consuming
- 88% of Istio installations still have known CVEs despite efforts to make upgrades easier
- The GitOps approach using Flux and Flagger can automate Istio upgrades and improve observability
- The Helm controller in Flux provides a better experience than the Istio operator
- Istio upgrades should be treated like any other piece of infrastructure and automated using GitOps
Conference: KubeCon + CloudNativeCon Europe 2022
Authors: Jim Barton, Adam Sayah
2022-05-19
tldr - powered by Generative AI
Envoy is a popular and scalable API gateway technology that was built to work in a dynamic services environment. It is fast, comprehensive, dynamically configurable, extensible, and observable.
- Lyft built Envoy as an internal technology to publish services out to their consumers both internal and external.
- Envoy is built to be fast, scalable, comprehensive, dynamically configurable, extensible, and observable.
- Envoy works with a dynamic control plane, allowing for policies to be served up dynamically to the proxy without having to balance anything.
- Envoy is built on a filter chain architecture, allowing for various policies and routing techniques to be applied to requests.
- Envoy produces access logs on each request, which are valuable for debugging and monitoring purposes.
Conference: KubeCon + CloudNativeCon North America 2021
Authors: Stephen Chan, Weibo He
2021-10-13
tldr - powered by Generative AI
Airbnb's experience of building a multi-cluster/multi-environment service mesh on top of Istio
- Airbnb migrated from monolith architecture to SOA and majority of workloads from EC2 to Kubernetes
- Legacy in-house service mesh no longer met their needs
- Adopted Istio as the foundation for their next generation service mesh
- Established confidence in Istio and started full speed migration
- Multi-cluster requirement led to adoption of external control plane and flat network model
- Multi-environment support includes multi-tier mesh, mesh expansion, and external services
Conference: KubeCon + CloudNativeCon North America 2021
Authors: Oliver Gould
2021-10-13
tldr - powered by Generative AI
Overview of Linkerd project and its features for Kubernetes service mesh
- Linkerd is a service mesh for Kubernetes that provides observability, reliability, and security
- Observability is achieved through sidecar proxies that monitor http, grpc, and tcp metrics
- Reliability features include grpc load balancing, connection level load balancing for tcp, and configurable retries and timeouts
- Security is provided through transparent mtls for pod-to-pod communication
- New features include Linguity SMI extension for managing SMI CRDs and adapters for generating linguistic primitives
- Future plans include taking advantage of the new Linux system I/O system called Iou ring for CPU improvements and FIPS 140-2 compliance systems
- Users can get involved through talks, meetups, weekly edge releases, and monthly community meetings
- Linkerd has a growing set of features that can be added on for traffic shifting and more